Service Bus Proposal

I see Apache ALOIS as a "best of breeds" pot. Therefore, ALOIS contains a core which is (or at least is something like) a message bus. This message bus is the interface through which all of these tools work together. I am not talking about a general message bus (though we might take one as a base), but one which is built specifically for this case and can and will contain some application logic. To have a fully functional SIEM without legal incompatibility, there is for every interface its own tool which implements the basic functionality. These tools could be the actual modules of ALOIS.

I see the following basic functionality (and therefore interfaces):

  1. Collectors or agents, which collect the logs of a system or application
  2. Data server, which collects all logs from the agents, stores them and possibly does some filtering
  3. Data mining, which correlates the data
  4. Reporting
  5. Frontend for display

This basic functionality should be implemented independently, so that such a tool (or group of tools) can be replaced rather easily if a better one is found. To allow this independence we need a message bus. I propose to take a good open source service bus and configure it for our needs. I would prefer well-defined interfaces to an open, generalized one.

As a starting point I see the following architecture: (figure: ALOIS Service Bus_small.png)

To me, REST as the main transfer language seems state of the art.
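As an added illustration of the decoupling proposed above (example code, not ALOIS code), the first three interfaces are modelled as small modules that talk only through a topic bus carrying JSON-shaped messages; the names ServiceBus, collector, DataServer and Correlator, the topic names and the sample log lines are assumptions for this example.

```python
import json
import re
from collections import Counter

# Constructed sample log lines standing in for a collector's input.
SAMPLE_LOGS = [
    "sshd[1]: Failed password for root from 10.0.0.5 port 4711 ssh2",
    "sshd[1]: Accepted password for alice from 10.0.0.9 port 4713 ssh2",
    "sshd[1]: Failed password for root from 10.0.0.5 port 4714 ssh2",
]
LINE_RE = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+)")
class ServiceBus:
    """Topic bus: modules know only topic names and the JSON message shape."""
    def __init__(self):
        self._subs = {}
    def subscribe(self, topic, handler):
        self._subs.setdefault(topic, []).append(handler)
    def publish(self, topic, msg):
        json.dumps(msg)  # messages must be JSON-serialisable for REST transport
        for handler in self._subs.get(topic, []):
            handler(msg)
def collector(bus, lines):
    """Interface 1: normalise raw lines into events on topic 'event'."""
    for m in filter(None, map(LINE_RE.search, lines)):
        bus.publish("event", {"outcome": m.group(1).lower(),
                              "user": m.group(2), "src": m.group(3)})
class DataServer:
    """Interface 2: stores every event, forwards only failures on 'stored'."""
    def __init__(self, bus):
        self.store, self._bus = [], bus
        bus.subscribe("event", self._ingest)
    def _ingest(self, event):
        self.store.append(event)
        if event["outcome"] == "failed":
            self._bus.publish("stored", event)
class Correlator:
    """Interface 3: alerts when one source reaches `threshold` failures."""
    def __init__(self, bus, threshold=2):
        self.alerts, self._fails, self._threshold = [], Counter(), threshold
        bus.subscribe("stored", self._on_stored)
    def _on_stored(self, event):
        self._fails[event["src"]] += 1
        if self._fails[event["src"]] == self._threshold:
            self.alerts.append({"src": event["src"], "count": self._threshold})
def run_pipeline(lines=SAMPLE_LOGS):
    """Wire modules over the bus; each can be replaced without touching others."""
    bus = ServiceBus()
    store, miner = DataServer(bus), Correlator(bus)
    collector(bus, lines)
    return len(store.store), miner.alerts
```

Because each module subscribes to a topic rather than calling its neighbour, the DataServer could be swapped for one backed by a real store without changing the collector or the correlator.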


ServiceBus (last edited 2011-01-08 13:14:11 by UrsLerch)